import java.sql.*;
import java.util.Scanner;

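/**
 * Logs a user in with a precompiled (parameterized) SQL statement, which
 * prevents SQL injection:
 * 1. The SQL text with {@code ?} placeholders is sent to the database first,
 *    so the database fixes the statement's structure before any user input
 *    is involved:
 *    {@code select nickname from userinfo where username=? and password=?}
 * 2. A {@link PreparedStatement} is created for that text.
 * 3. The placeholder values are bound with {@code setString}; they are
 *    always treated as data, never as part of the SQL.
 */
public class JDBCLogin2 {
    /**
     * Reads a username and password from standard input, looks the pair up
     * in {@code userinfo} and prints whether the login succeeded.
     *
     * <p>The connection, the statement and its result set are all opened in
     * try-with-resources so that each is closed even when
     * {@code prepareStatement} or {@code executeQuery} throws; the original
     * version closed only the connection and leaked the other two.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Scanner sc = new Scanner(System.in);
        System.out.println("请输入用户名:");
        String username = sc.nextLine();
        System.out.println("请输入密码:");
        String password = sc.nextLine();
        // Both inputs are bound as parameters below, so whatever the user
        // types cannot change the structure of this statement.
        String sql = "select nickname from userinfo where username=? and password=?";
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
            preparedStatement.setString(1, username);
            // NOTE(review): the query matches the raw password against the
            // stored column, which implies userinfo holds plaintext passwords.
            // The usual fix is to store a salted hash (bcrypt/scrypt/argon2),
            // fetch the stored hash by username only, and verify it in
            // application code.
            preparedStatement.setString(2, password);
            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                // A matching row means the credentials were accepted; the
                // message deliberately does not say which field was wrong.
                if (resultSet.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        } catch (SQLException throwables) {
            // Best-effort diagnostics for this sample; a real application
            // would log the failure rather than print the stack trace.
            throwables.printStackTrace();
        }
    }
}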
